Monthly Archives: October 2016

I’ve been a Cloud CISO for a little more than 5 years now. One consequence is that enterprise endpoint security products and I have rarely crossed paths. Agile orgs running Linux / OSX with users perpetually outside the perimeter are a problem not easily solved with legacy endpoint products.

The report could have been written ten years ago, with the notable exceptions:

Companies like Carbon Black, Cylance, CrowdStrike and Bromium have emerged to challenge perennial industry giants. Any innovation in endpoint security is noteworthy. No longer is it acceptable for the incumbents to ride the cash cow of enterprise renewals without significant development efforts to keep pace.

Quarantine = Remediation

You can find the Forrester report over on the Carbon Black website. (Gated, Sigh…)

AUSTIN TX — As I write this in October of 2016, a constant of American life is the inescapable media coverage of critical incidents involving law enforcement. The Media, in a free and open society, plays a critical role reporting and providing to the public a degree of transparency about how our government is policing us. We should be cautioned, however, to form our own individual opinions when digesting these events and to avoid being led blindly by a media narrative woven with information that is often, at best, incomplete, and at worst, completely wrong. It’s easy to forget that even the best media coverage lacks the context that comes from having all of the information available to investigators.

The most important part of that information is, of course, the evidence. Evidence is and always has been the impartial witness that enables the facts to be known and justice to be served. Evidence collection and processing has evolved over several hundred years of policing into a mature discipline. A critical component of this discipline is “chain of custody”, a process that seeks to ensure the integrity of the evidence from the time of collection to final disposition of the case. Until recently, the traditional processes and technology used for evidence management had been sufficient. Unfortunately that is no longer the case. A disruptive force threatens even the most mature evidentiary processes. This force, in a word: data.

Every day we create 2.5 quintillion bytes of data, and a staggering 90% of the world’s data was created in the last two years. While the digital evidence associated with critical law enforcement incidents represents a tiny percentage of that data, it is undoubtedly one of the most important parts of it. While no data points exist to speak to the amount of digital evidence being created daily, empirical observations are telling. In addition to the video evidence generated by Body Worn Cameras (BWCs) used by police officers, other sources such as video surveillance systems and the proliferation of video recording by the public are all contributing to an ever-growing mountain of digital evidence that must be managed. This huge trove of data combined with public scrutiny of critical incidents is exerting new pressures on both law enforcement administrators and the technology they use to manage it.

Evidence management systems have evolved significantly from the paper systems of the 1960’s and the mainframes of the 70’s that were only tasked with tracking physical evidence. The personal computer revolution at the end of the 80’s finally enabled digital evidence management, even if only in the most rudimentary fashion. Today, the rise of cloud has enabled the creation of a new class of cloud-enabled Digital Evidence Management Software (DEMS) products, purpose-built to manage the enormous amounts of data we must maintain with integrity. While it’s admittedly not a panacea, in today’s world, cloud-based DEMS may represent the best method we have for ensuring that all evidence eventually facilitates justice.

—–

This article is a repost of an article originally guest authored for the DoubleHorn blog.

Why Cloud Insanity?

If software is eating the world, then the cloud must be its digestive system. Those of us that work “in the cloud” know what a messy job it can be.

We are riding an unprecedented wave of technological innovation that is both awesome and terrifying. Rapid change, incessant unrelenting noise and the need to transform organizations seemingly overnight makes sanity a stretch goal, at best.

Writing about it helps me. I hope it can help you in some small way as well.

Stuart Clark

Stuart is a security strategist, consultant, and entrepreneur. His 25 years of converged security experience span a diverse spectrum of law enforcement, venture backed startups, and high growth multi-billion dollar financial services firms.

He has served in the role of Reluctant CISO for the last 15 years. He is not particularly fond of the role but gains great satisfaction when his efforts result in measurable improvements to the security and overall maturity of organizations.

As a commissioned Texas Peace Officer and CISO (Chief Information Security Officer) Stuart is uniquely positioned to serve as a bridge between law enforcement, technologists and the public. He writes and speaks frequently on technology, law enforcement, and cybersecurity topics.